For more than three years, the National Fire protection Association's Technical Committee on Premises Security has worked to develop two new technical documents dealing with security in the built environment. NFPA 730, Guide for Premises Security, and NFPA 731, Standard for the Installation of Electronic Security Systems, have not yet been approved by the membership or the NFPA Standards Council, but they are available in draft through NFPA's Web site, www.nfpa.org.
NFPA first decided to proceed with this project in 1994 at the request of interested members of the association. The scope of the Premises Security Technical Committee states: "This committee shall have the primary responsibility for documents on the overall security program for the protection of premises, people, property, and information specific to a particular occupancy. The committee shall have responsibility for the installation of premises security systems."
Membership is made up of representatives from organizations including ASIS International, the American Institute of Architects, the National Electrical Contractors Association, Builders Hardware Manufacturers Association, International Council of Shopping Centers, Professional Alarm Services Organization of North America and the Security Industry Association.
Standards development within NFPA is a consensus process that allows any interested party to participate. NFPA 730 and 731 have been available for public review and comment since August of 2003. The Technical Committee met in February of 2004 to review and recommend action on all the public comments received. The actions of the Technical Committee have been published in the NFPA's Report on Proposals as well as on its Web site. This allows the public to provide further comment on the committee actions before the document is put before the full NFPA membership for action.
The closing date to comment on the committee's actions on public proposals was October 1, 2004. The committee will meet to act on comments, and the Report on Comments that will document their action is scheduled to be available on April 1, 2005. NFPA 730 and 731 are scheduled to be put before the association membership at the June 2005 World Fire Safety Conference & Expo in Las Vegas. After adoption by NFPA, these documents will be put on a regular revision cycle that can range from two to five years between editions.
Standards versus Guides An NFPA document can be developed as a code, a standard, a recommended practice or a guide. From the onset, the committee agreed that the document providing criteria for design and installation of electronic security systems (NFPA 731) should be a standard.
NFPA defines a standard as "a document, the main text of which contains only mandatory provisions using the word "shall" to indicate requirements and which is in a form generally suitable for mandatory reference by other standards or code or for adoption into law." A standard can be adopted into law. But standards are typically made applicable when they are referenced through foundation documents, such as building codes.
For example, take NFPA 13, Standard for the Installation of Sprinkler Systems. This standard does not require that sprinklers be provided in a building. However, when a building code requires sprinklers to be provided, it will reference a specific edition of NFPA 13 as being applicable. The system is then required to be designed and installed in accordance with the standard.
NFPA 731, Standard for the Installation of Electronic Security Systems, is written to be referenced by other documents. Reference documents could include bid specifications and contract documents.
The committee had numerous debates on what type of document NFPA 730 should be, settling finally on a guide?"a document that is advisory or informative in nature and that contains only nonmandatory provisions."
The scope of NFPA 730 is broad and will allow for inclusion of new information and guidance in many areas of security. The guide describes features and practices that can be implemented in buildings to reduce security vulnerabilities.
Chapters 1 through 4 provide basic information on the document, including the scope, purpose and application statements. The overall goal of the guide is to provide a framework for assessing the security needs of a facility and to provide guidance for implementing a program to address those needs. A security program needs to address all the features of a facility as well as building services, maintenance activities and operations.
Chapter 5 provides a seven-step process for developing a vulnerability assessment that is the cornerstone for a security plan.
- Form a team of representatives from each area of the organization.
- Characterize the organization and the facilities to be protected. This involves identifying the assets, property, people, information and products to be protected. This step also includes reviewing and identifying the layers of protection currently in place.
- Conduct a threat assessment by classifying critical assets, identifying potential targets and potential threats and adversaries. This should include a consequence analysis to identify the effect of an adverse incident.
- Conduct a threat vulnerability analysis to identify actual and potential threat scenarios and estimate the relative security risk level.
- Define specific security countermeasures to address the areas of vulnerability identified in the threat assessment and threat vulnerability analysis.
- Taking the countermeasures into account, assess the security risk reduction.
- Document the findings and recommendations and track the implementation of recommendations.
Chapter 6 provides a comprehensive review of perimeter security measures. These include fences and other physical barriers, protective lighting, ironwork (e.g., bars and grills), glazing materials, passive barriers and electronic security devices. Depending on their construction, walls, floors, roofs, doors and windows may also be considered exterior security devices and systems. This chapter provides guidance on the design and installation of these types of features.
Chapter 7 describes the usage and provides guidance for application of various types of common physical security devices including builders' hardware, locks, doors, windows, safes, vaults and strong rooms.
Chapter 8 provides guidance in the development of interior security measures to protect specific areas or information. The chapter provides definitions for controlled and restricted areas and discusses methodologies for addressing these spaces. This chapter also reviews the different types of systems and equipment that can be deployed as security measures.
Chapter 9 discusses and provides guidance in the application of security personnel. Security personnel can be an effective and necessary component of a security program. The operational needs of the facility can be a critical factor in deploying security personnel. The effectiveness and activities of security personnel need to be defined in the context of the physical security program for the facility.
Chapter 10 provides guidance and recommendations for developing a security plan. It also discusses the features such a plan should include. As identified earlier in this article, the vulnerability assessment is the starting point for creation of the security plan.
- Other elements should include
- summary of the threat/risk assessment and the security mission statement;
- procedures for communication, facility management, people movement and reactions to specific security incidents;
- security vulnerability assessment;
- description of facility and organizational structure;
- security organization and ops;
- threat assessments and risks;
- employee, visitor and vendor safety;
- protective barriers;
- security and emergency lighting;
- alarm systems;
- access control;
- electronic surveillance;
- computer operations;
- contingency plans; and
- outside resources (i.e., local, state and federal law enforcement, fire and emergency medical).
Chapters 11 through 22 provide guidance in the development of security plans for specific occupancies and unique issues that should be considered in developing those plans.
NFPA 731 covers the application, installation, performance, testing and maintenance of physical security systems and their components. The purpose of the standard is to define the means of signal initiation, transmission, notification and annunciation, as well as to establish standard levels of performance and reliability for electronic security systems. It also establishes minimum quality of installation and discusses where redundancy is required.
NFPA 731 is arranged in a similar manner to other NFPA standards. The first chapter is dedicated to administrative requirements such as applicability, retroactivity and equivalency to the requirements.
Chapter 2 identifies publications referenced in the standard and other publications that could be of interest to the user. Chapter 3 includes definitions used in the body of the standard that may have a different meaning in the context of the standard than may be found in Webster's Dictionary.
Chapter 4 provides fundamental requirements that are applicable to all types of security systems addressed in the standard. This includes criteria for system design and installation as well as basic requirements for equipment, types of systems, power supplies, wiring methods and documentation of designs.
Chapters 5 through 8 provide requirements for specific types of security systems, and Chapter 9 identifies requirements for acceptance testing as well as ongoing testing and maintenance requirements for electronic security systems.
Looking into the Future
NFPA 730 provides a tool for systematic security program development. NFPA 731 provides a baseline for quality electronic security system design and installation. As end users, engineers and manufacturers become more aware of these documents, it is expected that they will eventually become the foundation for development of security plans in the built environment.
Raymond A. Grill, PE, is president of Sako & Associates Inc., a national security consulting firm. He also serves as the secretary of the NFPA Technical Committee on Premises Security.